This disclosure relates to authenticating techniques in a cloud computing environment.
In a conventional cloud computing environment, permissions model is sometimes split between multiple parties. For example, a part of the permissions model can be implemented by a system that manages user accounts, e.g., a user account authentication (UAA) server, whereas another part of the permissions model can be implemented in a system that manages spaces and user roles, e.g., a cloud controller. In such implementations, an adjacent API of an application, e.g., an application running in the cloud computing environment and secured with OAuth, may need the UAA to issue tokens with OAuth authorities for the application's own behavior as well as authorities that would enable the application to reconcile the cloud controller permissions. The commingling of the authorities for the application's own behavior and the authorities for reconciling with cloud controller permissions may be undesirable.